Remote access service inspector

ABSTRACT

A method, system, and computer program product for providing protected remote access from a remote access client to a remote access server over a computer network through a plurality of inspections. A remote access configuration file is created for the remote access client. A digital hash of the configuration file is then generated. The digital hash is compared with a configuration file stored at a predefined web location. If the comparison results in a match between the digital hash and the stored configuration file, a digital hash comparison is performed between an encrypted remote access configuration file and an encrypted configuration file stored at the predefined web location. If the plurality of inspections are passed, the remote access client is released from a quarantine state and a virtual private network (VPN) connection to the remote access server is established.

BACKGROUND OF THE INVENTION

The present invention relates generally to information processing on acomputer network, and, more particularly, to methods and systems forproviding protected remote access to an information technologyinfrastructure.

A large number of businesses and individual users use portable computingdevices, such as laptop computers and hand-held devices, that are movedfrequently and that can connect into more than one network. Users nowhave laptop computers that are connected to a corporate network duringthe day and to a home network during the evening. Many users also havehome computers that are remotely connected to various organizations fromtime to time through wide-area networks, including the Internet. Thenumber of computing devices and the number of networks that have thesedevices connected to the network, have increased dramatically in recentyears. Users are also using the Internet to remotely connect to a numberof different systems and networks. A user may connect his or her homecomputer to a corporate network through a virtual private network (VPN),which creates a secure session between the home computer and thecorporation's network.

As more computers are connecting to a number of different networks, anew set of challenges face network administrators and individual usersalike. Previously closed computing environments are now opening to aworldwide network of computer systems. Specific challenges includeattacks by perpetrators capable of damaging the local computer systems,stealing proprietary data and programs, unauthorized access to externaldata, infiltration by viruses, and employee abuse of business computerresources.

A mechanism traditionally used to address several of the challenges is afirewall product. Traditional firewall products guard a boundary orgateway between a local network, such as a corporate network and alarger network, such as the Internet. These products primarily regulatetraffic between physical networks by establishing and enforcing rulesthat regulate access based upon the type of access request, the sourcerequesting access, the connection port to be accessed, and otherfactors. One of the implications of the increasing number of devicesoccasionally connected to different networks is that traditionalcorporate firewall technologies are no longer effective. A corporatefirewall provides some degree of protection when a device is connectedto that particular corporate network, but it provides no protection whenthe device is connected to other networks. Additionally, a traditionalfirewall may not protect against intrusions originating from a remotedevice that is connected to a corporate network.

Another protection measure implemented by many users and administratorsis to install an anti-virus application on their machines to provideprotection against infiltration by viruses. An anti-virus applicationtypically includes an engine that has a database or repository of virusinformation that enables identification of viruses and other maliciouscode. At specified intervals, the antivirus engine will scan thecomputer system to detect any files that match known virus signatures.

Although anti-virus products provide considerable protection to the userand administrators of computer systems and networks, several problemsremain. One problem is that if a remote client machine connected to acorporate network through a VPN gateway is infected with a virus, it mayinfect other machines on the same network. An infected computer that isconnected to a corporate local area network (LAN) may put the entirenetwork at risk. The computer may be infected with a virus thatintentionally tries to spread itself to other machines in the network.One machine that is not running the correct anti-virus engine or is notequipped with current virus signature definitions may jeopardize thesecurity of the entire network. Ensuring that machines are runningcurrent anti-virus programs is particularly important, as virus issuesare very time sensitive. It becomes critical, therefore, to promptlyupdate anti-virus applications on all machines in a network in a timelyfashion before the network is infiltrated by a newly released virus.

Microsoft Corporation has developed the remote quarantine service (RQS)for the purpose of allowing computers to connect to a remote accessserver without giving them full access to the network until the computercan be inspected. This service works in conjunction with a remotequarantine client (RQC) to release a computer in quarantine once it hasbeen inspected. Currently, Microsoft and other vendors do not offer amechanism to perform a client inspection. The present invention wasdeveloped to perform remote client inspection and makes use of theremote quarantine service and the remote quarantine client.

SUMMARY OF THE INVENTION

The invention is directed to a method and computer program product toprotect an information technology infrastructure from malicious attackswhile allowing its authorized users to have remote protected access to acompany's network services. The RAS Inspector invention is applicable toany computer network used for any purpose.

In one aspect of the invention, a method, system, and program productare provided for protected remote access from a remote access client toa remote access server over a computer network through a plurality ofinspections. A remote access configuration file is created for theremote access client. A digital hash of the configuration file is thengenerated. The digital hash is compared with a configuration file storedat a predefined web location. If the comparison results in a matchbetween the digital hash and the stored configuration file, a digitalhash comparison is performed between an encrypted remote accessconfiguration file and an encrypted configuration file stored at thepredefined web location. If the plurality of inspections are passed, theremote access client is released from a quarantine state and a virtualprivate network (VPN) connection to the remote access server isestablished.

BRIEF DESCRIPTION OF THE DRAWINGS

These and other advantages and aspects of the present invention willbecome apparent and more readily appreciated from the following detaileddescription of the invention taken in conjunction with the accompanyingdrawings, as follows.

FIG. 1 illustrates a user interface for selecting custom actions usingthe Connection Manager Administration Kit (CMAK) wizard in accordancewith an exemplary embodiment of the invention.

FIG. 2 illustrates a pre-tunnel action user interface in accordance withan exemplary embodiment of the invention.

FIG. 3 illustrates a post-connect action user interface in accordancewith an exemplary embodiment of the invention.

FIG. 4 illustrates an additional files user interface in accordance withan exemplary embodiment of the invention.

FIG. 5 illustrates a user interface drop down box for a crypto textcomponent in accordance with an exemplary embodiment of the invention.

FIG. 6 illustrates a user interface dialog box for saving an encryptedfile in accordance with an exemplary embodiment of the invention.

FIG. 7 illustrates a user interface for opening an encrypted file inaccordance with an exemplary embodiment of the invention.

FIG. 8 illustrates a user interface a clear text file of an encryptedfile in accordance with an exemplary embodiment of the invention.

FIG. 9 illustrates a user interface for selecting a file to hash inaccordance with an exemplary embodiment of the invention.

FIG. 10 illustrates a message generated by the crypto text componentafter hashing a non-executable file in accordance with an exemplaryembodiment of the invention.

FIG. 11 illustrates a message generated by the crypto text componentafter hashing an executable file in accordance with an exemplaryembodiment of the invention.

FIG. 12 illustrates the processing logic for the RAS Inspector inaccordance with an exemplary embodiment of the invention.

DETAILED DESCRIPTION OF THE INVENTION

The following description of the invention is provided as an enablingteaching of the invention and its best, currently known embodiment.Those skilled in the relevant art will recognize that many changes canbe made to the embodiments described, while still obtaining thebeneficial results of the present invention. It will also be apparentthat some of the desired benefits of the present invention can beobtained by selecting some of the features of the present inventionwithout utilizing other features. Accordingly, those who work in the artwill recognize that many modifications and adaptations to the presentinvention are possible and may even be desirable in certaincircumstances, and are a part of the present invention. Thus, thefollowing description is provided as illustrative of the principles ofthe present invention and not in limitation thereof, since the scope ofthe present invention is defined by the claims.

Definition of Terms

Internet Protocol Security (IPSec)—IPSec is a set of protocols developedby the Internet Engineering Task Force (IETF) to support secure exchangeof data packets at the Internet Protocol (IP) layer. IPSec has beendeployed widely to implement virtual private networks (VPNs). IPSecsupports two encryption modes: transport and tunnel. Transport modeencrypts on the data portion (i.e., payload) of each packet, but leavesthe header untouched. The more secure tunnel mode encrypts both theheader and the payload of each packet. On the receiving side, an IPSeccompliant device decrypts each packet.

Virtual Private Network (VPN)—A VPN is an on-demand “tunnel” connectionover a public or private network between two computers at differentlocations. There are a number of systems that enable creation of virtualprivate networks using the Internet as the medium for transporting data.These systems use data encryption and other security mechanisms toensure that only authorized users can access the network and that thedata being transmitted cannot be intercepted.

Remote Access Client—A computer running a Windows operating system thatcreates either a dial-up or virtual private network connection to aremote access server. The remote access client can use either a manuallyconfigured or a Connection Manager component.

Remote Access Server (RAS)—A computer running a member of Windows 2000Server or Windows Server 2003 families.

Remote Access Quarantine Client (RQC)—RQC works on the remote accessclient as a notification component. It verifies to the listenercomponent that the remote access client has met network requirements.

Remote Access Quarantine Agent (RQS)—Tool that works as part of WindowsServer 2003 Network Access Quarantine Control to restrict remote accessclients from full access to a network until they meet the requirementsof the network. RQS works on the remote access server as a listenercomponent. It informs the remote access server when a client can betaken out of quarantine mode.

Connection Manager—Microsoft software component that provides supportfor local and remote connections for remote access client access toremote access server. Once the Connection Manager executable is run, itenters the proper settings on the client computer for remote access tothe server on which the Connection Manager component was formed.Connection Manager establishes virtual private network connections tothe remote server.

Connection Manager Administration Kit (CMAK)—The CMAK configurationwizard builds a service profile which is a set of files that isdistributed to users so that they can easily install and run a customversion of Connection Manager. The configuration wizard enters permanentinformation and settings into the Connection Manager component.

The Remote Access Service (RAS) Inspector is a tool for inspectingpersonal computers running a Microsoft operating system, such as WindowsXP, before attempting to connect to a company Internet IPSec VirtualPrivate Network (VPN) that is utilizing the Remote Quarantine Agent(RQS) service. RAS Inspector provides a customizable inspection of aremote client and upon successfully passing the inspection, it providesa Remote Quarantine Client (RQC) function to request release of theremote client from quarantine by the RQS. The RAS Inspector must be runin conjunction with the Microsoft Connection Manager as built from theMicrosoft Connection Manager Administration Kit (CMAK). RAS Inspector iscompletely configurable with an auto-updating, encrypted configurationfile. When launched appropriately from the Dynamic Link Library (DLL),the executable will auto-update when new versions are detected.

The RAS Inspector performs a digital hash comparison of the localexecutable configuration file to one in a predefined web location on theInternet. The purpose of the digital hash function is to produce afingerprint of a file, message, or block of data that cannot be changedwithout hashing to a different value. To be of cryptographic use, a hashfunction is typically chosen such that it is computationally infeasibleto find two distinct inputs that hash to a common value. If the hashcomparison is not a match, RAS Inspector will download the newexecutable and exit, providing an exit code identifying that a newversion is available to the launching DLL. The launching DLL will renamethe file and relaunch the executable. The RAS Inspector performs adigital hash comparison of the local encrypted configuration file to onein a predefined web location on the Internet. If the hash comparison isnot a match, RAS Inspector will download and replace the local encryptedconfiguration file.

The RAS Inspector performs the following checks:

-   -   1. a live update of virus definitions;    -   2. a validation that the virus definitions exist and are within        a predefined age;    -   3. a check that the anti-virus software is running and active;    -   4. a check of predefined operating system (OS) patches by        checking each file in the patch for appropriate versions and        time stamps.        For the inspection of the OS patches, each patch is allowed a        force switch as well as a force by date.

If the remote computer passes inspection, the Connection Manager willcontinue through the process of completing the connection and thequarantine will be released. If the computer fails the inspection, theConnection Manager will not continue through the connection process. Theconfiguration file has settings for certain checks that allow theadministrator to force a failure if the inspection does not pass orsimply inform that remediation is required.

Should the process be bypassed in any way, the remote computer will notbe released from quarantine and it will not be able to access anythingthrough the VPN tunnel. After the connection has taken place and thequarantine has been cleared, RAS Inspector performs an additional hashcomparison of the DLL and downloads a new one if appropriate.

The following components are required on the local machine for thecorrect operation of the RAS Inspector invention: RASISet.dll,RASInspect.exe, RASInspect.cfg, Application.htm, OSInspector.cfg, andConnection Manager. The component names are exemplary and are not alimitation on the invention.

RASISet.dll is launched from the Connection Manager pre-tunnel stage. Itlaunches the RASInspect.exe and when returned with appropriate code,checks for a new version, copies it over and re-launches.

RASInspect.exe is the main executable. It performs inspection of theremote computer and releases quarantine upon a successful inspection.

RASInspect.cfg is the encrypted configuration file. It contains all ofthe information required to perform the inspection including the textstrings used by the graphical interface, the web path for updates, theOS patch inspector configuration files, etc.

Application.htm is the digital hash file of RASInspect.exe. It iscompared with the hash file at the predefined web address.

OSInspector.cfg is the file that is used for the inspection ofindividual operating system patches. The name of the file shouldactually correspond to the name of the patch being inspected. There canbe as many OSInspector.cfg files as are necessary to assure that allappropriate patches have been applied. The OSInspector.cfg files are notencrypted.

Connection Manager is Microsoft's Connection Manager, appropriatelyconfigured using the Connection Manager Administration Kit (CMAK).

A component is required for the creation and maintenance of theRASInspect.cfg file and the creation of digital hash files for each ofthe aforementioned components. For obvious reasons, this file, referredto as CryptoText.exe herein, should not reside on the client machinewhich is to be inspected. Nor should it reside on the web site where theupdated files are placed. This executable provides the key and hashingalgorithm for all of the encryption and hashing used during theoperation.

In addition to all of the files described in the local workstationlocation above, the files described in the following paragraphs are keptat the predefined web location and are used for validating the filesused during the inspection as well as for providing updated files ifrequired. The names used are exemplary and are not a limitation on theinvention.

RASInspect.htm is the digital hash file for RASInspect.cfg. It providesthe hash code for the current version of RASInspect.cfg. Duringinspection, a hash code is generated of the local RASInspect.cfg fileand compared to the one provided in this file. If they are the same,then the correct version of the RASInspect.cfg file is on the localmachine. If they are different, then the file is updated.

RASISet.htm is the digital hash file for RASISet.dll. It provides thehash code for the current version of RASISet.dll. During inspection, ahash code is generated of the local RASISet.dll file and compared to theone provided in this file. If they are the same, then the correctversion of the RASISet.dll file is on the local machine. If they aredifferent, then the file is updated.

OSInspector.htm is the digital hash file for OSInspector.cfg. Itprovides the hash code for the current version of OSInspector.cfg.During inspection, a hash code is generated of the local OSInspector.cfgfile and compared to the one provided in this file. If they are the samethen the correct version of the OSInspector.cfg file is on the localmachine. If they are different, then the file is updated. Note that anOSInspector.cfg file should be created for each OS patch being inspectedand the name of the .cfg file should correspond to the patch name. Acorresponding hash .htm file should then be generated for each .cfgfile. The OSInspector configuration files follow a very specific formatwhich must be adhered to in order for the patch inspections to beproperly performed.

RASInspect Configuration File

The RASInspect.cfg file is arranged in the same format as aninitialization (ini) file. Each section of the confirmation file isnamed using a string enclosed within square brackets. Each value isgiven a string name followed by an equals sign, then a string valueassigned to the name. The exception to this is the OSInspector sectiondescribed below. This section is enumerated according to the number ofpatches that are required to be checked. Each line in the OSInspectorsection follows the format of “patchfilename;opttruefalse;optfaddate,”where patchfilename is the name of the OSInspector.cfg file without theextension. This may be followed by a semicolon; then an optional Boolean(true or false) referring to whether the patch will force fail if notcorrectly installed. The default, if not explicitly set, is false. Ifthe force fail is set to false, the line may be followed by anothersemicolon and an optional force fail by date in the format “mm/dd/yyyy”.If a date is placed in this position and the second option is set to“true,” the date is ignored and the force fail takes place immediatelyupon a failed inspection.

RASInspect Configuration Sections

[Registry]—Defines the sections of the registry used to store andretrieve information. Note that all data is stored in an encryptedformat.

RegHive—Defaults to HKLM.

RegPath—This is the actual string used for the registry path. It shouldneither begin nor end in a backslash. However, backslashes can be usedto designate subfolders in the path.

[Connect]—Defines how the computer connects through the Internet.

String—The connect string used which corresponds to what the quarantineserver is looking for in order to release quarantine.

Port—The port used to connect to the RAS server.

WebURL—The web address used for checking the digital hash code ofcomponents and for downloading update components.

InspTimeout—A numeric value which designates the time allowed betweenwhen an inspection is done and the actual connection is made, prior toquarantine release. If an inspection is made and more than this amountof time passes before the quarantine release is attempted, theinspection is rendered invalid.

[AV]—Defines the antivirus system inspection.

avName—This is the name of the antivirus system. It is used for textmessages.

datFile—The complete path to the antivirus definition file including thename of the file itself.

iSpan—A numeric value which states the number of days in age which isacceptable for an antivirus definition file. If the antivirus definitionfile is older than this, RASInspect will fail the inspection and notallow quarantine release.

avProcessName—The name of the process which provides the antivirusservices. This name is used to check that the process is running. Ifthis process is not found to be running, RASInspector will fail theinspection and not allow quarantine release.

UpdateCmd—Complete path including the file name of the file which islaunched to provide the LiveUpdate function of the antivirus software.

UpdateArg—The argument passed to the LiveUpdate executable.

UpdateForce—Boolean (true or false) referring to whether failure to runLiveUpdate will force a failure. After the LiveUpdate, RASInspect checksthe date of the AntiVirus definition file. If UpdateForce is set to“false” and the definition file date is within the number of days set iniSpan, RASInspect will simply warn about the LiveUpdate failure andallow quarantine release.

[OSInspector]—Provides a list of the OSInspector configuration files.The list should contain only the left side of the file name and notinclude the period (or “dot”) or the extension. This section is anexception to the format for the rest of the RASInspect configurationfile. Since it is enumerated, allowing for a supposed unlimited numberof .cfg files to be checked, this section does not follow the“name=value” format of the rest of this file. Each line in theOSInspector section follows the format of“patchfilename;opttruefalse;optfaddate”. In this format, patchfilenameis the name of the OSInspector.cfg file without the extension. This maybe followed by a semicolon; then an optional Boolean (true or false)referring to whether the patch will force fail if not correctlyinstalled. The default, if not explicitly set, is false. If the forcefail is set to false, the line may be followed by another semicolon andan optional force fail by date in the format “mm/dd/yyyy”. If a date isplaced in this position and the second option is set to “true”, the dateis ignored and the force fail takes place immediately upon failedinspection.

OSInspector; opttruefalse; optfaddate—This is an example of how one filename can be represented. The name itself, of course, should reflect theactual name of the OS patch. There can be as many lines as there arepatches that need to be inspected. Each line should follow the format of“patchfilename;opttruefalse;optfaddate”, as described in the precedingparagraph.

[RASInspect]—Provides values used to customize the RAS Inspectionprocess.

dllName—Provides the name of the launching dll.

[SBMessages]—Provides customized message strings for the StatusBar.

SBGreeting—The first statement given as RASInspect begins.

SBComplete—Message given in StatusBar upon completion of a successfulinspection.

SBInspFailed—Message given in the StatusBar upon the event of aninspection failure.

[TBMessages]—Provides customized message strings for the TextBoxproviding status of the inspection process.

Current messages used (an asterisk indicates that changing the stringwill not currently affect the executable file):

-   -   *TBGreeting=“Beginning process to inspect your computer . . . ”    -   *TBLookupConfig=“Looking up Configuration Information . . . ”    -   *TBValidateEXE=“Validating Executable . . . ”    -   *TBNewEXE=“New version is available. Downloading . . . ”    -   *TBErrUpdateEXE=“Error updating executable! If this continues,        please contact support . . . ”    -   *TBErrInternetConn=“Possible error connecting to        Internet—Exiting . . . ”    -   *TBConfigNotFound=“Configuration Information was not found.        Exiting . . . ”    -   *TBConfigCorrupt=“Configuration Information is corrupted.        Exiting . . . ”    -   *TBConfigValid=“Configuration Information is valid.”    -   *TBCollectingData=“Collecting data . . . ”    -   TBBeginInspection=“Preparing to perform inspection . . . ”    -   TBCheckAVDef=“Checking AntiVirus Definitions . . . ”    -   TBRunLiveUpdate=“Running LiveUpdate . . . ”    -   TBAVDefNotFound=“AntiVirus definitions were not found!”    -   TBAVDefOld=“AntiVirus definitions are out of date . . . ”    -   TBAVCurrent=“Antivirus definitions are up to date.”    -   TBAVCheckRun=“Checking that AntiVirus software is running . . .        ”    -   TBAVRunning=“Antivirus Software is running . . . ”    -   TBAVNotRunning=“Antivirus Software is not running . . . ”    -   TBInspSuccess=“Everything looks good! Please input your PIN!”    -   TBInspectFailed=“For the protection of the Company computing        infrastructure, your computer was inspected and found to be        missing important components. For this reason you will not be        allowed to connect to the Company network until the following        issues have been resolved.    -   TBInspectNotPass=“For the protection of the Company computing        infrastructure, your computer was inspected and found to be        either missing important components or they are out of date. For        this reason you may be denied access to the Company network in        the near future until the following issues have been resolved.    -   TBInspectionOld=“Inspection Invalidated—EXITING!”    -   TBReleasingQuarantine=“RAS Connection Complete! Attempting to        release Quarantine . . . ”    -   TBRQErrUnknown=“An unknown error has occurred! Exiting now . . .        ”    -   TBRQErrNoRAS=“You are not running RAS! Is this a Test? Exiting        now . . . ”    -   TBRQSuccess=“You have been accepted. Go forth and Compute!”    -   TBRQDenied=“You have been denied access! The reason is outside        the scope of inspection. Please contact your administrator!        Exiting now . . . ”    -   TBRQErrShouldNot=“Made it to the end for some unknown reason.        Exiting now . . . ”    -   [IFMessages]—Provides customized strings used upon the Failure        of an inspection test:    -   IFAVDefNotFound=“Error in performing LiveUpdate (no definitions        found!)”    -   IFAVDefOld=“Error in performing LiveUpdate (definitions still        out of date!)”    -   IFAVNotRunning=“AntiVirus software is not running!”

The following is an exemplary configuration of the RASInspect.cfg filewith each section of the configuration file enclosed within brackets:

-   -   [Registry]    -   RegHive=HKLM    -   RegPath=“Software\CompanyName\RASInspect”    -   [Connect]    -   String=“XXXXXXXXXXXXXX”    -   Port=9999    -   WebURL=https://iras.company.com/XXXXXXXXXXXXXXXXXXXXXXXXX/    -   InspTimeout=2    -   [AV]    -   avName=“Symantec”    -   datFile=“c:\program files\common files\symantec        shared\virusdefs\definfo.dat”    -   iSpan=8    -   avProcessName=“RTVSCAN”    -   UpdateCmd=“C:\PROGRAM FILES \NAVNT\VPDN LU.EXE”    -   UpdateArg=“/fUpdate/s”    -   UpdateForce=false    -   [OSInspector Files]    -   OSInspector;false;11/02/2004    -   [RASInspect]    -   dllName=“RASISet”    -   [SBMessages]    -   SBGreeting=“Please Standby—Performing Inspection . . . ”    -   SBComplete=“Inspection Complete . . . ”    -   SBInspFailed=“Your system must be remediated!”    -   [TBMessages]    -   The TB messages are the same as described above and are not        repeated here for conciseness.    -   [IFMessages]    -   IFAVDefNotFound=“Error in performing LiveUpdate (no definitions        found!”    -   IFAVDefOld=“Error in performing LiveUpdate (definitions still        out of date!”    -   IFAVNotRunning=“AntiVirus software is not running!”        Configuring Connection Manager for RAS Inspector

The Connection Manager should be built using the Microsoft ConnectionManager Administration Kit (CMAK). The use of this kit provides for manypossible configuration profiles of the Connection Manager. The followingdescription is limited to only the parts required for the correct setupof the RAS Inspector tool.

The CMAK wizard is run by launching cmak.exe. This wizard builds aself-extracting executable which, when run on the workstation, buildsthe Connection Manager into the selected profile on the workstation.

When launching the CMAK wizard, the user selects or names the filenameof the profile that is being created. The user clicks “Next” through thewizard to configure and customize connection selections until the“Custom Actions” page 100 illustrated in FIG. 1 is displayed. This pageis used to specify programs that are to start automatically before,during, or after the VPN connection is made. Custom actions of the sameaction type are run in the order in which they appear in the list 110.In order to view the custom actions of a specific type, the user selectsthe action type in the drop down list that is displayed when the dropdown box 120 is selected. From the Custom Actions page, the user cancreate new or edit existing pre-tunnel and post-connect actions.

An exemplary “Edit Custom Actions” dialog box 200 for a pre-tunnelaction is illustrated in FIG. 2. The Edit Custom Action page includes adescription field, a program to run field, a parameters field, an actiontype field, and a “run this custom action for” field. In the descriptionfield, the user enters a descriptive title for the action (e.g.,RunRASInspectSetup). In the program to run field, the user enters thename of a program or script file to run for network policy compliancetesting (e.g., RASISet.dll). In the parameters field, the user entersthe set of command line parameters that are passed to the programidentified in the program to run field. In this exemplary display, thecomplete “Parameters” field 210 could read:

-   -   RunRASISetup %ServiceDir%\RASInspect.exe setup setup setup setup        0        It should be noted that there are no commas or quotes in this        string.

An exemplary “Edit Custom Actions” dialog box 300 for a post-connectaction is illustrated in FIG. 3. In the description field, the userenters a descriptive title for the action (e.g., RunRASInspect). In theprogram to run field, the user enters the name of a program or scriptfile to run for network policy compliance testing (e.g.,RASInspect.exe). In the parameters field, the user enters the set ofcommand line parameters that are passed to the program identified in theprogram to run field. In this exemplary display, the complete“Parameters” field 310 could read:

-   -   %DialRasEntry%,%TunnelRasEntry%,%Domain%,%UserName%,1        It should be noted that the use of commas in this field of the        post-connect screen is different than with the pre-tunnel action        screen.

The user continues to click “Next” on the displayed CMAK wizard pagesuntil the “Additional Files” page 400 illustrated in FIG. 4 isdisplayed. The user specifies all the additional files that the serviceprofile requires, such as data required by a custom action. As shown inthis figure, the user adds the following two files to the “AdditionalFiles” list: (1) RASInspect.cfg; (2) Application.htm.

The rest of the CMAK wizard is then completed as would normally be done.The final page displayed by the configuration wizard identifies wherethe self-installing executable file is located on the client hard drive.

CryptoText Component

CryptoText is a simple program designed to create and hash an encryptedconfiguration file which can be unencrypted and used by RAS Inspector.The CryptoText component will also create all of the hash files requiredfor proper operation of RAS Inspector.

To run CryptoText, the user simply launches CryptoText.exe. Asillustrated in FIG. 5, the user selects the “File” drop down menu 510 onthe Crypto Text screen, then “Open” to open an existing file or “New” tocreate a new one.

Selecting “New” from the “File” drop down menu 510 will provide a “SaveAs” dialog box 600, such as illustrated in FIG. 6. The user may type ina new file name or select an existing one which will be overwritten.With the new file named, the user can type in clear text anything thatis required. When finished, the user simply saves the file. CryptoTextwill encrypt the text into the file and create a hash file of theencrypted file with an .htm extension.

Selecting “Open” from menu 510 will provide a “File Open” dialog box700, such as illustrated in FIG. 7. The user selects the file that hewants to edit. Note that CryptoText can only open an existing filealready encrypted by CryptoText or one with the exact same encryptionalgorithm used by CryptoText. Once the file is opened, CryptoText willdisplay the encrypted file in clear text, such as illustrated in FIG. 8.

From this point, the user should be able to edit the text as needed,then save it. Once saved, the file will again be encrypted and a newhash file (with an .htm extension) will be created.

CryptoText can also be used to create hash files for other thanencrypted configuration files. To do so, the user can select the “Hash”drop down menu, then “Select File to Hash,” such as illustrated in FIG.9. Doing so will bring up another “File Open” dialog box. The userselects the file he wants to hash. Upon doing so, he will receive amessagebox, such as illustrated in FIG. 10.

Note that the hash file will be named the same as the selected file withthe exception that the extension will be .htm. The exception to this iswhen an executable file (.exe) is selected. In this case, the file willalways be named “Application.htm,” such as illustrated in FIG. 11.

It is important to be careful to use this feature for only oneexecutable file per folder since otherwise the user could overwrite animportant hash file with one that is not correct for the currentapplication.

FIG. 12 illustrates the processing logic for the RAS Inspector in anexemplary embodiment. By way of example and not limitation, theprocessing logic can be implemented in a remote access client running aMicrosoft Windows platform, such as Windows XP. Processing begins withcreating a remote access client configuration file as indicated in logicblock 1200. A digital hash of the remote client configuration file isthen generated as indicated in logic block 1204. The invention is notlimited to any particular digital hash function. Digital hash functionsare well-known in the art and there are many of such functions thatwould be suitable for use in the present invention.

In logic block 1208, a comparison of the digital hash of theconfiguration file is made with the configuration file stored at a weblocation. A test is then made in decision block 1212 to determine if adigital hash comparison resulted in a match. If the hash comparison isnot a match, RAS Inspector will download a new executable and exit,providing an exit code that identifies the availability of a new versionto the launching dll. This step is indicated in logic block 1216. Thelaunching dll will then rename the file and re-launch the executable asindicated in logic block 1220.

If a digital hash comparison in decision block 1212 resulted in a match,then a digital hash comparison is performed of a local encryptedconfiguration file to an encrypted configuration file stored at the weblocation. This step is indicated in logic block 1224. If this digitalhash comparison does not result in a match in decision block 1228, RASInspector then will download and replace the local encryptedconfiguration file. If the digital hash comparison results in a match indecision block 1228, a series of additional checks are then performed onthe remote access client beginning with the step indicated in logicblock 1236 in which a live update of virus definitions is performed. Thenext check is a validation that the virus definitions exist and thatthey are current (i.e., not out of date), as indicated in logic block1240. Next, as indicated in logic block 1244, a check is made that theanti-virus software on the remote access client is running and that itis active. Finally, in logic block 1248, operating system patches areinspected for appropriate versions and time stamps.

If all checks and inspections pass, as tested for in decision block1252, the remote client quarantine will be released and a VPN connectionto the remote access server will be completed as indicated in logicblock 1256. If not all inspections pass in decision block 1252, then theremote client will not be released from quarantine and will not be ableto access the remote access server. This step is indicated in logicblock 1260.

The system and method of the present invention have been described ascomputer-implemented processes. It is important to note, however, thatthose skilled in the art will appreciate that the mechanisms of thepresent invention are capable of being distributed as a program productin a variety of forms, and that the present invention applies regardlessof the particular type of signal bearing media utilized to carry out thedistribution. Examples of signal bearing media include, withoutlimitation, recordable-type media such as diskettes or CD ROMs, andtransmission type media such as analog or digital communications links.

The corresponding structures, materials, acts, and equivalents of allmeans plus function elements in any claims below are intended to includeany structure, material, or acts for performing the function incombination with other claim elements as specifically claimed. Thoseskilled in the art will appreciate that many modifications to theexemplary embodiment are possible without departing from the spirit andscope of the present invention.

In addition, it is possible to use some of the features of the presentinvention without the corresponding use of the other features.Accordingly, the foregoing description of the exemplary embodiment isprovided for the purpose of illustrating the principles of the presentinvention, and not in limitation thereof, since the scope of the presentinvention is defined solely by the appended claims.

What is claimed:
 1. A method, comprising: comparing, by an executablefile, a digital hash of an encrypted remote access configuration filewith an encrypted configuration file stored at a predefined weblocation; releasing a remote access client from a quarantine state andestablishing a connection between the remote access client and a remoteaccess server, when a plurality of inspections are passed; downloading anew executable configuration file and launching the new executableconfiguration file, when the comparing does not result in a match;forcing a failure to prevent access to the remote access server when theplurality of inspections are not passed; and performing an additionalhash comparison of a dynamic linked library and downloading a newdynamic linked library based on establishing the connection and clearingof the quarantine state.
 2. The method of claim 1, further comprising:updating of virus definitions.
 3. The method of claim 2, furthercomprising: validating that the virus definitions exist and arecurrently in effect.
 4. The method of claim 1, further comprising:determining if an installed antivirus program is active and running onthe remote access client.
 5. The method of claim 1, further comprising:inspecting at least one operating system patch for a current version andtimestamp.
 6. The method of claim 1, further comprising: generating thedigital hash of the encrypted remote access configuration file.
 7. Themethod of claim 1, further comprising: downloading and replacing theencrypted remote access configuration file.
 8. The method of claim 7,wherein the downloading and replacing occurs when the comparing adigital hash of an encrypted remote access configuration file with anencrypted configuration file stored at the predefined web location doesnot result in a match.
 9. A computer program product comprising anon-transitory computer readable storage medium having computer readablecode embedded therein, the computer readable medium comprising: programinstructions that compare, by an executable file, a digital hash of anencrypted remote access configuration file with an encryptedconfiguration file stored at a predefined web location; programinstructions that release a remote access client from a quarantine stateand establish a connection between the remote access client and a remoteaccess server, when a plurality of inspections are passed; programinstructions that download a new executable configuration file andlaunch the new executable configuration file, when the comparison doesnot result in a match; and program instructions that force a failure toprevent access to the remote access server when the plurality ofinspections are not passed; program instructions that perform anadditional hash comparison of a dynamic linked library and download anew dynamic linked library based on the establishment of the connectionand the quarantine state being cleared.
 10. The non-transitory computerreadable storage medium of claim 9, further comprising: programinstructions that update a plurality of virus definitions.
 11. Thenon-transitory computer readable storage medium of claim 10, furthercomprising: program instructions that validate that the virusdefinitions exist and are currently in effect.
 12. The non-transitorycomputer readable storage medium of claim 9, further comprising: programinstructions that determine if an installed antivirus program is activeand run on the remote access client.
 13. The non-transitory computerreadable storage medium of claim 9, further comprising: programinstructions that inspect at least one operating system patch for acurrent version and timestamp.
 14. The non-transitory computer readablestorage medium of claim 9, further comprising: program instructions thatgenerate the digital hash of the encrypted remote access configurationfile.
 15. The non-transitory computer readable storage medium of claim9, further comprising: program instructions that download and replacethe encrypted remote access configuration file when the programinstructions that compare an encrypted remote access configuration filewith an encrypted configuration file stored at the predefined weblocation do not result in a match.
 16. The non-transitory computerreadable storage medium of claim 9, wherein the program instructionsthat enable forcing of the failure based on the plurality of inspectionsnot passing are associated with settings for at least one checkcontained in the remote access configuration file.
 17. A system,comprising: a local data store; and a processor that executes aplurality of components including: a component that compares a digitalhash of an encrypted remote access configuration file with an encryptedconfiguration file stored at a predefined web location; a component thatreleases a remote access client from a quarantine state and establishesa connection between the remote access client and a remote accessserver, when a plurality of inspections are passed; a component thatdownloads a new executable configuration file and launches the newexecutable configuration file, when the comparison does not result in amatch; a component that forces a failure to prevent access to the remoteaccess server when the plurality of inspections are not passed; acomponent that performs an additional hash comparison of a dynamiclinked library and downloads a new dynamic linked library based on theestablishment of the connection and the quarantine state being cleared.18. The system of claim 17, further comprising: a component that updatesvirus definitions.
 19. The system of claim 18, further comprising: acomponent that validates that the virus definitions exist and arecurrently in effect.
 20. The system of claim 17, further comprising: acomponent that determines if an installed antivirus program is activeand runs on the remote access client.
 21. The system of claim 17,further comprising: a component that inspects at least one operatingsystem patch for a current version and timestamp.
 22. The system ofclaim 17, further comprising: a component that generates the digitalhash of the remote access configuration file.
 23. The system forproviding protected remote access of claim 17 further comprising acomponent that downloads and replaces the encrypted remote accessconfiguration file, if the digital hash comparison of an encryptedremote access configuration file with an encrypted configuration filestored at the predefined web location does not result in a match. 24.The system for providing protected remote access of claim 17, whereinthe remote access configuration file contains settings for at least onecheck that enables the failure to be forced when the plurality ofinspections are not passed.